Over Ten Percent of Fortune 500 Still Infected by DNSChanger

Despite education and remediation efforts on the part of the Federal government and the security industry, and with the deadline fast approaching, more than ten percent of Fortune 500 enterprise systems are still infected.

In November 2011, federal prosecutors had revealed the outcome of Operation Ghost Click, an investigation that resulted in the arrests of seven suspect who were alleged to have infected millions of computers with DNSChanger malware.

DNSChanger hijacks the domain name system (DNS) on infected systems and sent internet requests to a rogue DNS server rather than a legitimate one.

After the rogue servers were seized, the FBI replaced them with clean servers in order to prevent millions of infected Internet users from losing their Internet connectivity.

"On July 9th, those servers are coming down barring a last-minute extension, and many computers—including machines at 12% of the Fortune 500—are still infected with the malware," security provider IID (Internet Identity) reports.

Those companies may experience a loss of connectivity, and potentially a devastating interruption in business operations.

US-CERT"encourages users and administrators to utilize the FBI's rogue DNS detection tool to ensure their systems are not infected with the DNSChanger malware. Computers testing positive for infection of the DNSChanger malware will need to be cleaned of the malware to ensure continued Internet connectivity."

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.